Tag Archives: phishing

Wear USB Condoms- Hackers Are Poised To Attack Tourists This Travel Season

June 29, 2022 The Silo Leave a comment

As the 2022 school year comes to an end, the surge of summer travel plans begins. With an estimated 60% of Canadians and Americans planning at least one trip over the next 3 months, hackers have roughly 200,000,000 projected tourists to prey on.

Lookout’s Cyber Security Expert, Hank Schless, shares how these cyber-attacks usually capitalize on travelers who are often overwhelmed or distracted when in unfamiliar environments, like airports and cafes.

>> Public Wifi Connections

“Although many airports offer free Wi-Fi connectivity, you should make sure that you join the official airport network and not a similar network that is configured to trick travelers into giving up their usernames and passwords”

Attackers have been known to set up fake networks – with obvious but convincing names like ‘Starbucks_Guest_WiFi’.
Once you connect, they’ll gain access to sensitive information, including your login credentials, emails, and messages.
In order to protect yourself from wifi threats, alter your device’s settings so that it does not automatically connect to nearby networks, which the Lookout app does automatically.

>> Social Awareness & Juice Jacking

While on the go, travelers rely on power outlets and USB cords to keep their mobile device’s battery charged. Attackers can exploit USB chargers by loading malware onto them that infects your device the second you plug it in – Always be aware of your surroundings.

The “USB condom” works by physically disconnecting the data pins of a USB device and only allowing the power pins to make contact.

If someone approaches you and offers their USB charging cord, it is best to decline.

Always travel with your personal USB cords, and plug your charger directly into an electrical socket (vs USB port) if possible.
The easiest place for a scammer to steal or hack your phone is in crowded areas – so never leave your phone or device unattended and only let people you know “borrow” your devices.

>> SMS and Email Travel Updates

“It’s important to be on guard for travel-related email, text, and social media scams as well. Attackers may try to steal a traveler’s credentials through phishing campaigns that pretend to be an airline, credit card company, or TSA”

The Lookout App by Google is now available in Canada.

Here’s how it works: A scammer will send a message telling the recipient that their TSA PreCheck needs to be renewed, but the link in the renewal email leads to a fake site where hackers can accept payment and steal a victim’s personal information.

Although the TSA sends renewal reminder texts and emails, travelers should always go directly to the TSA website for information on their existing accounts.
For added protection, consumers can also download security – Security protection, like the Lookout app, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.

Gaming

Minecraft is most malware infected game

October 8, 2021 The Silo Leave a comment

228k Users Affected, Are You One Of Them?

As people are looking for ways to unwind at home, the gaming industry has been one of the primary places people set their eyes on. Not only is it a way to entertain yourself for hours on end, but it is also a place for people to connect, which is otherwise hard to do during the pandemic.

According to data presented by the Atlas VPN team, 303,827 individuals’ devices were affected by gaming-related malware and unwanted software between July 1, 2020, and June 30, 2021. Mobile games are also a major threat for gamers.

As many as 50,644 users attempted to download 10,488 unique files disguised as the ten most-played mobile games, generating a total of 332,570 detections. Minecraft was by far the most popular game on both PC and mobile platforms for dangerous app distributors to hide behind. On PC, nearly 185 thousand users were affected with over 3 million malware and unwanted software detections.

On mobile, the number of victims exceeds 44 thousand for the period.

Unwanted software includes files like adware, spyware, and so on. There are various versions of Minecraft and a plethora of mods (modifications that may be placed on top of the basic game to diversify gameplay) may account for its enormous popularity. Because mods are unofficial and developed by users, they can be used to hide dangerous payloads or undesirable software.

Security tips for gamers

Protect your accounts with two-factor authentication (2-FA) whenever possible.
Use strong passwords for your accounts, with a different one for each. That way, even if one of your accounts is compromised, the remainder will remain unaffected.
Downloading games from official retailers such as Steam, Apple App Store, Google Play, or Amazon Appstore is safer. These marketplaces aren’t completely safe, but they are at least examined by store staff, and there is some sort of screening procedure in place: not every app is allowed into these stores.
If you want to buy a game that isn’t accessible in major stores, you should do it through the official website. Make sure to double-check the website’s URL to avoid impostor sites.
Be cautious of phishing campaigns and unfamiliar players. If you are unsure about the sender, do not open links you receive via email or in a gaming chat. Do not open files sent to you by strangers.

Another one of the most well-known game titles worldwide, The Sims 4, was the second most often used title to distribute unwanted files. Over 43 thousand users were impacted, with detections closing in on 1.3 million. For the Silo, Valentina Perez.

Sci-Tech

top brands impersonated most in phishing attacks

August 5, 2021 The Silo Leave a comment

Criminals continue to impersonate well-known brands to trick people into giving up their personal information.

According to the data presented by the Atlas VPN team, Crédit Agricole, a French financial group, was by far the most used brand in phishing attacks in H1 2021. The brand was linked with 17,755 unique phishing URLs, followed by social media giant Facebook with 17,338 and Microsoft with 12,777.

The figures are based on Phisher’s Favorite Top 25 H1 2021 report by Vade, which looks at the 25 most impersonated brands in phishing attacks from January 1, 2021, to June 30, 2021.

Multi-platform messaging service provider WhatsApp is the second social media brand to make the top ten list. It was taken advantage of in 8,727 phishing attacks. Meanwhile, French bank La Banque Postale occupies the fifth spot with 7,180 attacks.

Other brands in the top ten list include multinational telecoms company Orange (4,047), the world’s largest online retailer Amazon (3,501), multibillion-dollar media, entertainment, and communications company Comcast (3,116), digital payment service provider PayPal (2,601), and American national bank Chase (2,537).

Most phishing assaults were perpetrated in Brazil, followed by Russia and Indonesia.

Financial brands were criminals’ favorite

Generally, cybercriminals choose highly-trusted brands in their phishing campaigns. However, brands in certain industries were more favored than others.

Financial service brands were particularly popular in phishing attempts due to the rise in digital payments and growing reliance on online banking during the pandemic. They accounted for 36% of URL phishing attacks in H1 2021.

Cybercriminals spoofed well-known financial brands such as Crédit Agricole, La Banque Postale, PayPal, Chase, Wells Fargo, Square, HSBC, and Banque Populaire to lure out sensitive information from unsuspecting victims.

Social media companies were also heavily impacted. Social media brand impersonation accounted for over a quarter (26%) of all brand phishing attacks in the first half of this year. Apart from Facebook and WhatsApp, Instagram and LinkedIn were common choices for criminals.

Next up is the cloud sector. Cloud companies like Microsoft, Netflix, Adobe, and DocuSign were involved in 17% of URL phishing attacks. Meanwhile, 11% of phishing assaults targeted e-commerce and logistics companies, such as Amazon, DHL, Rakuten, Apple, and eBay.

The remaining 10% of brands spoofed in URL phishing attacks were internet and telecommunication companies, such as Orange, Comcast, Yahoo, SFR (9%), as well as government organizations (1%).

Tips to avoid phishing scams

Keep your browser up to date. Look out for browser updates. They are released regularly and may contain security patches for vulnerabilities that were discovered on the browser. Cybercriminals often launch attacks to exploit known security vulnerabilities. Therefore it is essential to install any browser updates as soon as they become available.
Inspect the website’s URL. Carefully inspect the website’s URL before taking any action. Criminals use visually similar characters such as lower case “L” and capital “I” to deceive people into thinking they are on a legitimate website.
Look for an SSL certificate. Make sure the portal address starts with HTTPS (not with HTTP) and has a green padlock symbol before the web address. This means that the website has an SSL certificate, and the connection is encrypted.
Beware of grammar mistakes. Scammers rarely hire professional writers to check their copy-cat website’s content for errors. If a website is riddled with spelling mistakes, there is a high chance it is not legitimate.
Check if the website has been flagged. You can use URL checkers to see if the website has already been flagged. You can find many tools for this purpose by searching “Check URL safety” in Google.
Use Tracker Blocker. Take advantage of the Atlas VPN Tracker Blocker tool, which stops third-party trackers and blocks malicious websites for a safer browsing experience.

Sci-Tech

Current State of Cybersecurity Doesn’t Work

June 14, 2018 The Silo Leave a comment

“You pay your money, as the saying goes, and you take your chances.” says Falkowitz, CEO of Area 1 Security. “More and more these days, it seems like this ‘policy’ is the rule rather than the exception, in everything from health care insurance to the commuter parking lot. Even though you’ve paid for the product or service, no one’s really responsible for some reason when you suffer damages while consuming whatever it is you bought. Or worse yet, you somehow find that whatever you bought doesn’t really do what you bought it for. And there’s an asterisk somewhere in the fine print to explain why. Unfortunately, nowhere is this more prevalent than in today’s cybersecurity industry.”

Despite the billions spent on cybersecurity we continue to suffer the most debilitating and expensive breaches imaginable, and some that cannot be imagined under any circumstances. Yet experts predict the worst is still to come. Cybercrime has moved from data theft and website defacement to a trajectory that includes data manipulation, data loss and eventually, if something is not done to change the economics of being a bad guy on the internet, threats to the stability of society itself.

“Cybersecurity companies seem to be content to collect their millions with the caveat that they can’t really offer protection in exchange,” continues Falkowitz. “Their customers likewise collect mountains of data on their customers and are appropriately contrite when that data is stolen or misused but the apology is not accompanied by compensation. Even the government can’t protect itself, or its citizens even if they’re attacked by another nation-state.”

The excuses and the explanations are familiar: Cybersecurity is too complicated. Hackers are too clever. Attacks are unprecedented.

“Nonsense. Every bit of it.” says Falkowitz. “Cybersecurity is no more complicated than hundreds of other things we do routinely, from sending astronauts into space or open heart surgery. Hackers are human, just more persistent about how to fool the rest of us. And attacks are based on the same tried and true methods—phishing—they’ve been using for decades.”

Oren J. Falkowitz is the co-founder and CEO of Silicon Valley’s Area 1 Security. Oren held senior positions at the NSA and United States Cyber Command (USCYBERCOM) where he focused on Computer Network Operations & Big Data and is a predominant cybersecurity industry thought-leader committed to keeping high-level national security conversations relevant. For the Silo, by Jennifer Vickery.

Supplemental- What exactly is phishing?